Erik Sargent #1
using <location> with <authorization>
I need help with specifics of using <location> with <authorization>.
I started with
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetauthorization.asp?frame=true
At the bottom of the page, there is a cryptic reference to the "<location>"
tag - but no explanation of how to use it.
I found
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch08.asp
which explains it better, but there is also the KB article
http://support.microsoft.com/default.aspx?scid=kb;en-us;316871 which suggests
that the <system.web> section is INSIDE the <location> tag, which doesn't
seem to be right, but since I can't get it to work I can't say for sure.
I currently have:
<configuration>
--- some other stuff ---
<authentication mode="Windows" />
<authorization>
<allow roles="group1, group2"/>
<deny users="?" />
</authorization>
<location path="error.aspx">
<authorization>
<allow users ="*" />
</authorization>
</location>
<location path="CreateReciept.asmx">
<authorization>
<allow users ="?" />
</authorization>
</location>
I am aware that '*' and '?' are different - I've been experimenting. I also
tried adding a <system.web> tag outside the main body and putting the special
location tags there, which is more what the KB article (above) indicates.
I'd like to see an example, including specifically an example of setting
certain Windows groups for access to the site generally, but anonymous access
for special pages, such as an error page and the web service. The current
behavior is to require membership in one of the listed groups in order to
access any of the site, including the pages that I've attempted to override
the settings for.
Erik Sargent Guest
-
Paul Glavich [MVP ASP.NET] #2
Re: using <location> with <authorization>
You can use the standard :-
<configuration>
<system.web>
......
</system.web>
</configuration>
but you can also have the <location> element within the <configuration>
element, and the <location> element also contains another <system.web>
series of elements so....
<configuration>
<system.web>
......
</system.web>
<location path="somefileorDir.aspx">
<system.web>
.........
</system.web>
</location>
</configuration>
--
- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)
Paul Glavich [MVP ASP.NET] Guest
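Added example, not part of any post in this thread: a web.config for the scenario in the question, using the structure from reply #2, where each <location> wraps its own <system.web>. The group names (DOMAIN\group1, DOMAIN\group2) are placeholders; the two file paths are the ones from the question.

```xml
<?xml version="1.0"?>
<configuration>

  <!-- Site-wide rules: Windows authentication, listed groups only. -->
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- Placeholder group names; Windows groups are written DOMAIN\group. -->
      <allow roles="DOMAIN\group1, DOMAIN\group2" />
      <!-- "*" rejects everyone not matched above, anonymous included.
           "?" alone would reject only anonymous users. -->
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- Per-file overrides: <authorization> must sit inside a <system.web>
       element that is itself inside <location>. -->
  <location path="error.aspx">
    <system.web>
      <authorization>
        <!-- "*" covers both anonymous and authenticated users. -->
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="CreateReciept.asmx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

</configuration>
```

URL authorization rules are evaluated top to bottom and the first match wins, so the per-path allow rule is reached before the site-wide rules. With Windows authentication, IIS must also permit anonymous access to those two files, otherwise IIS challenges the request before ASP.NET evaluates these rules.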
-
Ollie #3
Re: using <location> with <authorization>
Whilst looking for information about the <location> element yesterday I
found this; it may help, it may not :)
http://www.asp101.com/articles/matt/securesite/default.asp
Ollie Riches
Ollie Guest




